- Different public cloud offerings have different controls, making it a challenge to apply consistent security policies.
- Security applications – such as IDS/IPS, SIEM, AV, and firewalls – break or function differently when migrated to the cloud.
- 20% of survey respondents reported that they still use manual processes to manage cloud security, greatly inflating the amount of time and expenditure required.
Executives are right to think that securing a hybrid cloud environment is complicated, but it’s also true that many companies are making hybrid cloud security much more complicated than it needs to be. What are some of the biggest security challenges that hybrid cloud adopters need to overcome – and are they missing some obvious solutions?
Challenge 1: Firewalls Are Less Useful in the Hybrid Cloud
When applications live in the cloud and are accessed via the web, the connections between them are completely outside the corporate perimeter. Nearly 100% of traffic is being concentrated between just two ports, 80 and 443, which means that it’s that much harder for traditional firewalls to screen out harmful connections. Lastly, the rise of HTTPS encryption (which is genuinely a good thing) also means that firewalls can’t understand much about traffic beyond where it’s coming from and where it’s going.
Solution: Adopt a New Perimeter Protection Platform
Massive technologically-advanced companies such as Google are among the leading wave of organizations who advocate for keeping the ports closed as often as possible, when allowing access into the organization via the perimeter. Their solution is homebuilt, and the result of about six years of development – somewhat beyond the resources of most enterprises. However, other so-called Zero Trust models have recently entered the market – including Safe-T’s Software Defined Access Solution – and are now available for companies to protect their hybrid clouds.
Challenge 2: Complicated Control Schemes
Different clouds are controlled in different ways. They may also use different APIs, with differing levels of documentation and usability. This produces a high level of uncertainty, and may lead to inadvertent security failures. We’ve already written about how nearly 10% of AWS S3 buckets have been set up without requiring usernames and passwords, and a recent discovery has shown an S3 deployment that exposed apparently classified intelligence. Can you be sure that none of your cloud deployments are insecure?
Solution: Automated Policy Enforcement
Only 26% of administrators are currently using automation to support security on the hybrid cloud, but it should be a lot more. Automation prevents oversights such as forgetting to put a password on a cloud storage implementation or failing to encrypt data in motion. Safe-T employs easy-to-use API connectors to ensure that security policies apply no matter which cloud service you happen to be using.
Challenge 3: Changing Cloud Environments
When administrators were confined to the purely private cloud, they were at very least assured that they would be fully in control of the substrate that their applications were running on. With the public cloud, the provider must occasionally update their own systems, patch their servers and so on – which occasionally comes into conflict with their clients’ own application traffic. This might end up making previously-secure cloud instances less so.
Solution: Intelligent Alerting
If a change in the cloud environment affects your security posture, you need to know immediately. Safe-T offers an instant, granular alerting process. Whether there’s a sudden change in your network configuration, or an employee trying to email a file that they shouldn’t, Safe-T provides rapid notifications, with advanced mitigation options on the way. For more information about Safe-T and how we can deliver you dependable security in a complicated cloud environment, request a free demo today!